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•^ , Abstract 

For g < n, let bi, . . . , bn-g he n — g independent vectors in R" with a common distribution 
invariant by rotation. Considering these vectors as a basis for the Euchdean lattice they generate, 
the aim of this paper is to provide asymptotic results when n -^ +00 concerning the property 
that such a random basis is reduced in the sense of Lenstra, Lenstra & LovASZ. 
The proof passes by the study of the process ('"i" i,?'i+2j ■ • • >''n-i) where r^" is the ratio of 
lengths of two consecutive vectors 6*_,_|_]^ and 6*_, built from (61, . . . , 5„_g) by the Gram- 
Schmidt orthogonalization procedure, which we believe to be interesting in its own. We show 
that, as 71 ^ +00, the process (r|" — l)j tends in distribution in some sense to an explicit 
process {TZj ~ 1)^; some properties of this latter are provided. 
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We call ambient space the space M"' with its classical Euclidean structure. The Euclidean norm 

\0 ■ is denoted by ||.|| and the scalar product by (,). Let 6^ , 62 > . . . , 6p (for p < n) be a linearly 

^£ I independent system of p vectors of M". The superscript ("' is used when needed to stress the 

r^ ' dimension of the ambient space. The quantity 

t^ ' 

g = n-p, 

is often used in this paper and referred to as the codimension of the independent system. 

X 

Hi 1.1 The Gram-Schmidt orthogonalization, the reduction level and the index of 
worst local reduction 

To the independent system bl" , 62 ' • • • ) ^p ' the classical Gram-Schmidt orthogonalization proce- 
dure associates the orthogonal system b^ , • • • , bp defined by the recursion 

b\' =b\' , b)' =b)' -2_^ ' b\ for J > 2. (1.1) 

i=l \\°i II 
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li B = [bi , • • • , bp ] is the n x p matrix with column vectors b^ , • • • , bp in the canonical basis, 
this orthogonalization corresponds to the QR decomposition B = QR where 



Q 



aW ... h^^) 



is an orthogonal nxp matrix and R is an upper triangular px p matrix {Rkj =0, 1 < j < k < n) 
and 

R,j = 1, Rkj = 1 '/ , l<k<j<n. (1.2) 

Definition 1.1 Let b^ , 62 j • • • > ^p be a linearly independent system of vectors o/M" whose codi- 
mension is g = n—p. Let b\ ,■ ■ ■ ,bp be the associated Gram-Schmidt orthogonalized system. We 
call reduction level of b\ ,62 , . . . , 6p the quantity 

II^W 112 



M?, :- -■- " *+^ 
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ie{l,...,n-(g+l)} ||5(")||2' 

H^e ca// index of worst local reduction of b]^ , 63 , • • • , &p the quantity 



J^=min<^i: 1,X = Mi 

I ll?i(") l|2 



(") /,(") a{") 



The motivation of these definitions is explained in Section ri.3l When the vectors b\^ , 62 , ■ ■ ■ ,bp 
are chosen at random, the reduction level and the index of worst local reduction are two random 
variables, well defined whenever b^ ,b2 , ■ ■ ■ ,bp is a linearly independent system. This paper 
is essentially devoted to the study of these random variables. The next subsection details the 
distribution we consider for the vectors b^ , ^2 ) • • • 1 bp . 

1.2 Models of random bases 

In this paper we assume that the 6j's are picked up randomly in IR", independently, and with the 
same distribution f„. Moreover we require z^„ to be invariant by rotation and to satisfy fn(0) = 0. 
It is then well known (see [E] Th. 1.5.6 p. 38 and Letac [l^]) that the radial part ||6j" || and 
the angular parts 6\"' := ft^ /H^^ || are independent, and that the angular parts are uniformly 
distributed on S"^^ := {x £ IR" : ||x|| = 1}. We call such a model a "simple spherical model". 
Since we are interested in the asymptotic behavior of a random basis in R" when n goes to +00, a 
spherical model will be a sequence of distributions {I'n), each i/„ being a simple spherical model in 

The uniform distribution U„ in the ball B" := {x E IR" : ||x|| < 1} - called the "random ball 
model" - is a particular case of spherical model. Under U„, the distribution of the radial part is 

U„({x: ||x|| <r}) =Un(||6S"^|| <r) =r", 0<r<l. (1.3) 

Under a spherical model, b" , 0^ \ ■ ■ ■ , bp (for p < n) are a.s. linearly independent. We call it a 
(p-dimensional) random basis. 



Our main results hold under assumption H1.2() . This is a technical condition on the distribution 
(f„) which allows to transfer results concerning the uniform distribution on S"^^ to more general 
spherical distributions. 

Assumption 1.2 There exists a deterministic sequence {an)n and constants di,d2,a > 0, po £ 
(0, 1) such that, for every n and p £ (0,po) 

> p 1 < die-'^'^'P" . (1.4) 
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This implies in particular that sup i ""'^ " 1 ,is{l,...,n}> > 0. 

Here are three natural examples of model f„ where such a sequence (a„) exists: 

• Un is the uniform distribution on S"^-*^. In this case ||6^" |P = 1, and a„ = 1. 

• Un = U„. In this case, a„ = 1 and by (|1.3|1 . 

Un(|||4"^f K - 1| > P) = (1 - Pf/' < e-"^/2. 

• f„ is the n-variate standard normal (the coordinates are i.i.d. AA(0, 1)). Then ||6^" |p/2 is 7„/2- 
distributed. For a„ = n, 

P(|||6!")||Vn-l|>p) = P(7(n/2)>(l + p)^) + P(7(n/2)<(l-p)^). 
The Laplace transform E(e*'''^"'^^) of 7(n/2) is (1 — t)""'^, and its Cramer transform is 

ii-W2)(a;) =sup|ex-logE(e^^("/2)a ^^_!J^!!lQg(^/(2x)), x>0. (1.5) 

e<i •- J 2 2 

By Markov , P(7(n/2) > (1 + p)f ) < e-^^"^'^«i+/')"/2) = e-t(''-'°g(^+'')) and by an analogous 
calculus, P(7(n/2) < (1 - p)§) < e5(''+'°s(^~'')). Hence assumption ((T^ holds in this case with 
a = 2. 
Notice that these three models are cited in the book of Knuth ([^1 Section 3.4.1]). 

The motivation to study the random variables Mn and Zn comes from the theory of "lattice 
basis reduction". The next section briefly describes this motivation and expresses our result in 
the vocabulary of this theory. The reader who is not interested by this theory may skip the next 
section. 

1.3 LLL reduction of a random lattice 

Let b^ , 62 ) • • • ) bp (for p < n) be a linearly independent system of p vectors of R". The set of 
all their integer linear combinations is an additive discrete subgroup of M" called a lattice. The 
system b^ , 62 1 • • • ) bp is then a basis of the lattice. The integer p is the dimension of the lattice 
or the dimension of the basis. The codimension of the lattice basis is the codimension g = n—p oi 
the linearly independent system hi\ . . . , bp . The basis is called full if (7 = 0. 

The lattice basis reduction problem deals with finding a basis of a given lattice, whose vectors are 
"short" and "almost orthogonal" . The problem is old and there are numerous notions of reduction. 



For a general survey, see for example |H1 1161 [7]. Solving even approximately the lattice basis 

reduction problem has numerous theoretical and practical applications in integer optimization ^J , 

computational number theory TIP and cryptography J14j . 

In 1982, Lenstra, Lenstra and Lovasz 10, introduced for the first time an efficient (polynomial 

with respect to the length of the input) approximation reduction algorithm. It depends on a real 

approximation parameter s g]0, v3/2[ and is called LLL(s). The output basis of the LLL algorithm 

is called an LLL(s) reduced or s-reduced basis. In this paper we are concerned with the probability 

that a random basis under a spherical model is LLL(s) reduced, (i.e. is already an output basis of 

the LLL(s)-algorithm). 

Roughly speaking the LLL reduction procedure is an approximation algorithm following a divide 

and conquer paradigm: Indeed for i £ {1 . . .p—1}, the following condition (|1.6j) ensures that some 

(n) 

"local two dimensional basis" is s-reduced. This two dimensional basis is the projections of b^ and 

bj^i into the orthogonal H^- of the vector space Hi spanned by b^ , 63 , • • • , &i_i • ^01 showed that 
when all these two-dimensional bases are s-reduced then the whole basis has nice enough Euclidean 
properties. For instance, the length of the first vector of an LLL-reduced basis is not longer than 
(l/s)(^~^' times the length of a shortest vector in the lattice generated by bl" , 62 , • • • , bp . 
The next definition characterizes an LLL(s) reduced basis. 

Definition 1.3 Let 5^" , 62 > • • • > ^p (/or p < n) be a linearly independent system of p vectors of 
M". It is an LLL(s)-reduced basis of the lattice that it generates iff for all 1 < i < p — 1, 

"^+1" >s2. (1.6) 
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There are two minor differences between the definition of LLL reduction we consider here and the 
original definition introduced in |1UJ . 

Firstly in the original definition the basis has also to be proper, i.e. if i? = QR is the decomposition 
(|1.2() associated with the Gram-Schmidt orthogonalization of the basis b^ , 62 > ■ ■ ■ > ^p j then 

-1/2 < Rkj < 1/2 , l<k <j <n. (1.7) 

But from any basis satisfying (|1.6j) one efficiently obtains a proper basis still satisfying (|1.6j) by a 
straightforward sequence of integer translations provided in appendix. Moreover considering the 
notion of flag j2j rather than basis for lattices, makes it possible to skip the notion of properness. 
Secondly the approximation parameter of the original LLL in |1UJ is slightly different from the one 
we use here and the reduction we consider here is indeed Siegel reduction as called in [21^ . Our 
main Theorem 11.41 is still true with the original definition of a LLL reduced basis as detailed in 
appendix. 

In this paper we study the asymptotics (with respect to the dimension n of the ambient space) 
of the random variables A4n and In under spherical models and for general codimensions of the 
random basis. The variable Ain is the supremum of the set of those s for which the basis is s^- 
reduced. As mentioned earlier an LLL(s) reduced basis satisfies a set of local conditions. The 
second variable X^ is the place where the satisfied local condition is the weakest. This indicates 
where the limitation of the reduction comes from locally. 



Theorem 1.4 Let 6-[" , ^2 ) • • • i ^n-g be a random basis with codimension g under a spherical model 

{vn) satisfying Assumption il.i^) . Let s G (0, 1) be a real parameter. 

(i) If g = g{n) tends to infinity, then the probability that a random basis is s-reduced tends to 1. 

(ii) If g is constant then the probability that a random basis is s-reduced converges to a constant 

in (0, 1) (depending on s and g). 

(Hi) If g is constant, the index of worst local reduction Zn converges in distribution. 



Theorem 11.41 answers positively to a conjecture of Akhavi [2] (which says that for c G [0,1), 
^cn-i \. 2)_ In his Lemma 3 p. 376, he proved that P(A45;"^^ < s) ^ , as soon as 

n 

1 1 — C 1 w^m^— 

s < 2 (1 — c) ~^ (1 + c) ~ , and that this convergence is exponentially fast. The proof of Theorem ll.4l 
relies on some properties of random basis under the spherical model which are of interest by their 
own; these results are overviewed in the next section. 

Notice that in [£], Donaldson proved a phenomenon similar to the assertion (i) of Theorem 11.41 

(n) (n) 

He considered a different random model: The basis b\ , • • • , 6„_„ is picked up uniformly in the 

set {||6i IP + • • • + ||&„_g|P = 1} (Euclidean sphere in R"^*^"-"^)). He proved that as n ^ oo with 
n — g{n) a fixed constant , the basis is asymptotically reduced in the sense of Minkowski, i.e. each 
b^ is a shortest vector among all vectors of the lattice that complete 6^" , • • • , 6^_ ^ to form a bigger 
subset of a lattice basis. So his result is about a stronger notion of reduction but he considered a 
much more restricted class of basis. 

To finish this Section about lattice basis reduction, observe that our Theorem 11.41 about LLL 
reduction can be generalized to other reductions: In ^21 Schnorr introduces a new type of reduction 
by segments. In this setting one fixes an integer k and partitions a basis whose vectors are in R" 
and whose codimension is g into m segments of k consecutive basis vectors such that n — g = km. 
For a basis with codimension g, the reduction criterion is based on the quantity 

lltW ||2... lltW ||2 

Mf„= inf ^-t^ W^k^ 

Similarly to the assertions of Theorem 1 1.41 if g = g{n) tends to infinity and the block size k is fixed, 
then for any s G [0, 1] the probability that a random basis is s-reduced in the sense introduced 
by Schnorr tends to 1 with n. If 5 is constant then this probability tends to a constant in [0, 1] 
(depending on s, g and k). ^ 

1.4 Random bases issued from spherical models 

For any j = 1, . . . , n, let 

y{") .^ ||ft(")||2/||/,(")||2 

j • II i II ' II i II • 
We denote by 7a and Pa^b respectively the gamma distribution with parameter o, and the beta 
distribution with parameter a and b. In the sequel 7(a) and [3{a, b) stand for generic random 



'^Of course there is a choice of approximation parameters such that when a basis is LLL(s) reduced then for any 
fixed fc, it is also s, fc-reduced in the sense introduced by Schnorr. But our approach here shows the existence of hmit 
probabihties (with n) for the reduceness of a random basis in the sense introduced by Schnorr. 



variables with respective distribution 7^ and Pa,b- Some classical properties of these distributions 
are recalled in the appendix. 

We first recall some facts concerning the spherical models, facts that are more or less part of 
the folklore, and which have been proved several times (e.g. ^3], Hj). 

Theorem 1.5 For each n, under the simple spherical model, the variables ||fc," |P , j = 1, • • • ,n 
are independent. For every j = 2, . . . ,n, 

Yt''Sp(^^^P^.i^). (1.9) 



and the random variables Y^^ ,j > 1, ||fc," |P,J > 1 are independent. 



A probabilistic proof is given in Section [2. II for the convenience of the reader. 

Corollary 1.6 Under ; 
dent and for 1 < j < n 



Corollary 1.6 Under the random ball model U„, the variables \\bj\\'^, j = 1, • • • ,n are indepen- 



As an easy consequence of the properties of the beta distribution, under U,i, 

iiftW-f ^=^-ii65"^f . (1.11) 

The statement of Corollarv 11.61 in this formulation is due to Daude-Vallee ((Sj). Actually, (jLlUj) is 
a consequence of Theorem 1 1 . 5 1 and identity ()3.6() . since p.3|) means that ||6j" |P = /3(n/2, 1). 
The random variable Mn has the representation : 

||t(") ||2 

Mi = mm r . ' , r) ' := ^/, . (1.12) 

9+l<i<rt-l ^ ^ ||/)(") ||2 

ll'^n-jll 

As one can guess in view of Theorem 11.51 under i/„, for each j, rj converges in distribution to 
7 ( ^^ ) /7 ( 2 ) ' '^l^si's 7 ( ^'Y' ) ^'^'-^ 7(2) ^^^ independent (see Proposition 12. 1|) . By the strong 



law of large numbers, one sees that 7 ( ^^ ) /7 ( § ) ~~^ ^■^ ^^^^ allows to guess that the minimum 
Mn is reached by the firsts rj" , this motivates the time inversions done in 1)1.12(1 . 

The variable A^n is a function of the {n — g)-tuple (?'i+i , • • • ^^-1 ) > ^'^^ then the convergence of each 
coordinate is not sufficient to yield that of Mn- We have to take into account that the variables 



vj)j<n-i ^-re dependent, and that their number is growing. Since for the "last" indices (n 

with i fixed), r^_j > 1 (see (|2.4() ). it is convenient to embed the (n — l)-tuple (r}" , • • • r^^ 

into Mt^ (the set of infinite sequences of positive real numbers), setting 



rj"^ := 1 , j>n. (1.13) 
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Let (r/j)j>i be a sequence of independent random variables such that rji = 7^/2 and set 

nj=rij/r]j+i, j>l. (1.14) 

We denote by ||.||p the classical norm on the set ip of sequences of real numbers with finite pth 

moment: for any sequence of real numbers x = (xj)j>i, ||x||p is ( J2i>i \'>'-i\^] and £p is {x, ||x||p < 
+00}. 

The following result states a limit behavior for the process (rj" ) when n goes to+00. 

Proposition 1.7 For any p > 2, the following convergence in distribution holds in the metric 
space ip : 

(^"-l)i>iV^(^i-l)i>i- 

The previous proposition is the key result here and it will entail all the convergence results given 
in the next theorem. 
For /c G IN, set 

M^ :=inf{7^J■,j > A;+l}. 

The application x h^ 1 + minj>fc Xj is continuous from ip onto M. It follows that Mn A 1 converges 
in distribution to ^A^ . We will prove that 

Theorem 1.8 //fn is spherical and satisfies Assumption M .^ then. 
(i) For each k, M^ > M''. 

n 

{ii) Let (7 : N ^ N such that g{n) < n and g{n) -^ 00. We have Ain ^ 1 • 

n 

(Hi) For any k > 1, T^ > l'^. 

n 

Notice that Proposition II . 71 and Theorem 11.81 have their analogous for the reduction introduced by 
Schnorr in J15j . By setting 

||'^(") ||2 ||'^(") ||2 

^in = ^ min r';^^^ , rg := "-('^+1)^+1 "'"^ and r'j^^ := 1 for kr > n, 

' g+l<kr<n—l ' ' \\h^ ' 2 \\h ' 2 ' 

II n-(r+2)fc+lll • • • II n-(r-l)fell 

if we let n —i- oo, we have convergence of {rj^r)r to a process {Tlk,r)r with 

7^fc,. = ^^^ , Vk,r = l{r/2h{{r + l)/2 • • • 7((r + k - l)/2) , 

where the rik^r,r > 1 are independent, and the gamma variables too. Then by setting 

Ml ■.= mi{nk,r,kr>g+l}. 
one obtains also an analogous to Theorem 11.81 

A note on the proof of Proposition 11.71 The ambient spaces M",n > 1 are not nested, 
and then we give up the geometrical consideration on M" and focus on the representation of the 
processes r" using the gamma distributions. 
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Figure 1: On the first picture, simulation of the density of A^!^, with 10* data. On the second, 
the histogram provided by 10000 simulations of Zoo- The sequence k i— > P{T^ = k) seems to 
be decreasing. 



We end this section by stating some properties of the limiting process (Tlk)k>i- First of all, in 
statistics the distribution of ^^Ti-j is known as the Fisher Fj^+i-distribution (its distribution is 
recall in ()3.5|) ): the mean of TZj is j/{j — 1) and, as said above, T^a: — -— > 1- Here are some sharper 
results (see also simulations on Figure^. 



Proposition 1.9 (i) For each k, the distribution of Ai^ has a density, which is positive on (0,1) 

and zero outside. 

[a) For each k, 

limx-('=+^)/2p(_y^/= < ^) ^ ^/P (t±l 
xio \ 2 

(iii) There exists r > such that for each k > 0, 



limsup e(^-yy^ ]P{M > y) < oo . 

yn 

{iv) For each k, there is a.s. a unique random index I such that TZjk = Ai 



2 Proofs 

2.1 Additional information on random basis 

We first give a proof of Theorem 11.51 for convenience. 

Proof of Theoreni ll.5l Let us skip the superscript (n) in this proof. We have bi = ^i||6i|| and from 
(jLlj) . we see that bi = \\bi\\9i, where the 0j's are obtained by the Gram-Schmidt algorithm applied 
to the 0j's. The independence of (^i, • • • , 9n) and (||&i|P, • • • , ||^n|P) is then a direct consequence 
of the radial-angular independence. Notice that 9i = 1. 



Now, fix /c > 2. Conditionally upon 9i,- ■ ■ ,9k-i, the variable \\9k\\ is distributed as the norm 
of the projection of a random vector uniformly distributed on S"^^ on span{9i, ■ ■ ■ ,6k~i}- Since 
the problem is invariant by rotation, this distribution is independent of (^i, • • • , 0a:_i) which proves 
(recursively) that the ||^j||'s are independent. Moreover, ||^fc|| is distributed as the norm of the 
projection of 9k (or ^i) on the subspace generated by the n — k + 1 last vectors of the canonical 
basis. From Muirhead El Theorem 1.5.7, p. 38-39] the distribution of H^fclP is n-k+i k-i . D 

2 ' 2 
(n) 

Here are some information on the asymptotic behavior of the random variables Y"- : 
Proposition 2.1 Under a spherical model, for each j > 1, 

VJi ' 72+1, (2.1) 



2 "~^ 



2 



.(n) jd) 

In view of Theorem 11.51 this yields: 



Y^'' -^^^ 1. (2.2) 



Proposition 2.2 Under a spherical model, if ||6i |P/a„ > 1 for some deterministic sequence 

n 

an, then for each j > 1, 

J_||6W||2 J^ 1. (2.4) 



a. 



■n 



Remark 2.3 Under the same assumptions, we have also: 
If h{n) -^ oo and h{n)/n — > 0, then 



IfO<a<l et k{n)/n -^ 0, then 



n—hin)" „ ^ ' 



1 \Yu(n) II 2 pj'ofca' 

a 



nVinj II 2 prooa. , , 

, , , J > 1 — Q . 2.0 

II an+A;(?i)ll ^ v / 



This result stated under U„ can be found in 2, Theorem 8]. Let us give a new proof which 
prefigures the main arguments used to prove the convergences in Section [2.31 

Proof of Propositions I^TTl and 12.21 From Theorem 11.51 we have the decomposition, 

ntC") ||2 W v(") ll/,(")||2 C9 7\ 

with Y^_- = P ( ^-^, ^~2~ ) • Let {ij)j>\ be a sequence of i.i.d. 71/2-distributed random variables. 
From (|3.3|) and (|3.2|) . we can write 

9 



By the strong law of large numbers, 



n 2 



n 



{d) 



and for each j, X]m=i ^rn = 7((j + l)/2), which yields H2.1() . From this and the additional assump- 



tion 116 



(")||2 



/an 



(d) 



1, we see that (|TH|) holds true. For fl?^ . notice that (1 - Y. 



Wx W x.(") 



y 



n-j+2 ' 



and that K, 



(n) proba. 



n-j+2 



by dHH). To end, ((Til) is a consequence of (|12I) and ||6i"lV«n ^ 1- □ 



(")||2 



(d) 



The following lemma will be used to transfer results from the uniform distribution on S" ^ to 
more general spherical distributions. 

Lemma 2.4 Assume that Assumvtion M .'A holds. If Ui and U2 be independent and Ui = U2 = 
\\hi W^ , then there exist d[,d'2,a > and po ^ such that for any k > l,n > 1 and p G (0,/9o) 



P 



Uo 



> p) < d'iexp(-n4p")- 



(2.9) 



Proof: We have 



F|^>l + p) < P(C/2<(l-p/2))+P(C/i>(l+p)(l-/,/2)) 



< P(C/2<(l-p/2))+P(C/i>(l+p/4))) 



F(^^<l-pJ < P(C/2>(l + /5/2))+P(C/i<(l-p)(l + p/2)) 
< P(C/2>(l + p/2))+P(C/i<(l-/>/2)) 

With the help of assumption (|1.4|) , this yields 



as soon as p < 1/2. Similarly 
'Ui 



P 



^-1 

t/2 



> p ) < diexp(-n4p")- 



D 



2.2 The process (TZk)'- estimates and proof of Proposition ITTUl 

Lemma 12.51 and Proposition 12.61 first state some properties concerning the fluctuations and large 
deviations of the distribution 7^^ 

Lemma 2.5 The following convergence in distribution holds 

V^(7^fc-l)-^AA(0,4). 
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Proof : Setting 



rjk - k/2 rjk+i - jk + l)/2 



the CLT gives {^k,Q -^^ AA(0, 1/2) ® ^f{0, 1/2) hence ^ - CL -^^ AA(0, 1). Since 

Vk+i V 2Vfc/ 

and ??fc+i/fc ^ 1/2 a.s., we get the result. D 

Proposition 2.6 Let f-ji^ be the density oflZk and 

^k{x) = (4x)^"^(l + xy^'^ . 

1. For A < 27r^^'^ < B we can find an integer K such that 

AVk $fc(x) < M, (x) < BVk ^k{x) (2.10) 

for every x S (0, cxd) and every k > K . 

2. There exists a constant C such that for every k > 1 and p G [0, 1] 

w{nu<i-p) < ci^i-j^^j (2.11) 

/ 2 X^V2 

P(7^fc>l + p) < Ci^l-j^^j . (2.12) 

^(2) 

3. Assertion 2 holds true when TZ^ is replaced by TZ'j^ := — t— . 

Notice that the distribution of TZ'f^ is known in statistics as the Fisher F^^k- 
Proof: 1) We have fn,,{x) = Cfc$fc(x) where 

_ 1-1 r(fc + l) _ 2 T{k + \) ^^2 

^^ r(|)r(Mi) V^ nk) V^' 

2) The bounds may be obtained by integration, but also by writing the beta variables as ratios of 
gamma variables and using Chernov's bounds. Noticing that TZk and TZ'j^ are Fisher-distributed, 
the above results are related to section 4 of |31. Since we need bounds holding for p depending on 
k, we use the classical Chernov's method : 

W{lZk > 1 + p) = IP (% - (1 + p)r]k+i > 0) 

< Ee^^{9l^k-e{l + p)r1k+l) = (Ee'^A lEe-'^'+P^'^' 



:i + ^(1 + p))-'/^ ((1 - ^)(1 + ^(1 + p))-''/^ 
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The function 9 ^^ {1 — 6){1 + 0{1 + p)) reaches its maximum for = „,f \ G (0, 1), so that : 



.2 \ fc/2 



Similarly 



nT^k>l + p)<[l-^^,] . (2.13) 



P(7^fe<l-p) < Sexp(0(l-p)%+i-0r/fe) 

= ((1 + ^))(1 - e{l - p))-'/^ (1 - 6(1 - p))-V2 

< V2il P 



{2 + p)\ 

3) For TZ'i^ the proof needs similar evaluations and is left to the reader. D 

Thanks to these bounds on the deviation of the process {TZ^) around the value 1, one may 
establish the following corollary. 

Corollary 2.7 For any p > 2, the process ilZk — 1) is a.s. in ip, i.e. J2k l^fc — 1|^ < oo a.s.. 

Proof Thanks to the Borel-Cantelli lemma, it is enough to find v = {vk)k>i ^ ^pi such that 

^P(|7^fc-l| >Wfe)<oo. (2.14) 

k 

Taking p = k-f" in the bounds f^TWt and (tTTTl) . we have J2k ^ (l^fc - 1| > ^"'') < cx) if 1 - 2^ > 0. 
For p > 2, one may choose p G]1/p, 1/2[ and v^. = k~^. Then {vk)k>i ^ ^p and satisfies 1)2.14(1 . D 

Proof of Proposition 11.91 

Proof of (i). We give a proof in the case k = 0, but the argument is the same for any A; > 0. 

First, since for any j, TZj > a.s. and since a.s., liuijTZj = 1, the support of A^'' is included 
in [0, 1]. For the same reason, the sequence (TZk) does not accumulate at 0, which yields that the 
distribution of Ai^ has no atom at 0. 

Using Lemma 12.51 write 



TPiJZj < 1) = IP (y/2j{nj - 1) < o) > 1/2. 

Hence by the reverse Borel Cantelli lemma, a.s. there exists an infinite sequence of j such that 
TZ2j < 1) which yields that TW*^ has no atom at 1. 

It remains to check that the support of A^*^ is exactly [0, 1] (see (1) below) and that Ai^ has a 
density (see (2) below). 

(1) Let us prove that P(infj TZj £ [a, b]) > 0, for every [a, b] C [0, 1]. It is enough to find a sequence 
of (independent) events Bj := {r]j G {aj,f3j)},j > such that 

OD ^ ^. OO 

[^ Sj C i infTZj G [a, b] i and JJ P(5j) > 0. (2.15) 

12 



Let ja = inf{j : j > 2(1 + a)/(l — a)}, A := ja(l + a)/4 and ci < C2 in (a, 6). Choose 



Ol = ^Ci , 0:2 = ^ , ttj = A foT 3 < j < ja , aj 



for j > ja + 1 , 



/3i=^C2, /?2 = — , /?, = -for3<i<ia , /3, = ^:^-4^i±^fori>ja + l. 
a a Aa 

We check easily that Si n ^2 C {T^i G (a, C2)}, and -Bj n S^+i C {TZj G (a, 00)} for j > 2. This 

proves the first claim of ()2.15|) . 

It remains to prove that the infinite product is convergent, i.e. that 






< 00 . 



(2.16) 



For j > ja, the interval {aj,l3j) straddles the mean j'/2 of ijj : 



i(l + a) ^ j 



< 



4 ^ 2 ' ^^ 



A-> 



j(l + 3a) ^ j 



8a 



> 



so that the large deviations inequalities hold: 



logP(r?,<a,)<-J//(V2)/l+^^ , logF(ry,>/5,)<-ji/(i/2)^^ + ^'' 



where H^^'"^' , the Cramer transform of 71/2 is given in (|1.5|) . This yields a positive constant M 
such that for j > ja 

P(S|) = lP{ijj < aj) + lP{rjj > f3j) < 2e'^^' 

and the series is convergent, which proves 1)2. 16() and P(infj7^j G [a,b]) > 0. 

(2) According to Radon-Nikodym's theorem, it suffices to find a positive integrable function / 
on (0, 1), such that for any [a, b] C (0, 1), 

P(7W° G [a,b]) < I f{x)dx 

J[a,b] 

By the union bound, we have for every 6' G (6, 1) : 

P(7W°G [a,6])=F(inf7^,, G [a, 6]) < P (Ufc{7^fc G [a, 6']}) < VP(7^fcG [a,b']) . 



fc>i 



For B > 2/ ^/tt, thanks to formula 1)2. lUj) . there exists K > 1 such that 
J^P(7^fcG[a,6]) < i?/ [Y^^'^kix)] dx 



k>K 



dx 



V^(l + a;)3/2 



2 A v^(i - vi)" 
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dx . 



Since every TZk has a density, one may bound the K — 1 first terms of the sum by J fi{x)dx for 
some integrable /i. Then, since the bound holds true for any b' > 6, we can let b' [ b and we get 
the result. 

Proof of {ii) We have P(7^fc+l < x) < W{M^ < x) < Ej>fc+i^C^i ^ ^)- Using (jSISl), one 
obtains, for x ^ 0, 

Y(h±A\ a;{fc+i)/2 ^(fc+i)/2 

P(7^fe+l < x) = ,,,,; ^ ^ (1 + oil)) = -^rrnrr (1 + oil)) . 

On the other hand, a simple computation shows that, when x — > 0, 

j>A:+2 

Proof of (in) We have, for j > k 

2j , , 2j 



P (a^^ > 1 _ j-1/2) < ]j p (^7^2^ > 1 _ j-i/2) < -Q p (t^^^ > 1 _ ,-1/ 



1/2 
i=3 i=j 



Prom Lemma 1131 we know that lim^ P (7^2fc > 1 - k''^/^) = P(iV > -^/2) where N is AA(0,4). 
Taking r > with e""^ > P(A^ > — v2) we see that for j large enough 

P (m'' > 1 - j~^/2^ < g-ri 

which ends the proof of (iii). 

Proof of (iv) The support of M'' is [0, 1] and Iim7<!.j = 1 a.s. so that the set {j >k + l,Tlj= M''} 
is not empty. Moreover since there are no ties {lP{TZi = TZj) = a.s. for i ^ j) this set is a.s. a 
singleton. D 

2.3 The proofs of convergence (Theorem 11.81 and Proposition ll.7]l 

In order to prove Proposition 11.71 and Theorem 11.81 we build a probability space on which are 
defined some copies of the variables ||6^" ||, z > 0, n > (and then also r^) and the process 
(TZk)- This space is not related with some embedding of M" in some larger space: the proof is not 
geometrical. Thanks to that procedure, we will be able to use the strong law of large numbers 
obtaining in such a way strong versions of the convergences in distribution stated in Proposition 
11.71 and Theorem 11.81 

From Theorem 11.51 and the representation H3.3p we see that 

||t{") ||2 _ T^(«) ||i(«) ||2 

ll"ra-fc+lll ~ -'n-A:+lll"n-A;+lll 

v(") W Z2m=l ^rn ,,An) ||2 W n j («) ||2 ('9 17^ 

-'n-fe+l ~ v^n A ■, \\"n-k+l\\ ~ ll"l II l-^-J^'J 
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where the .^m's are 71/2 distributed, and 1 1 &„_;._,_ ]^|| is independent of the ^m's. Since the ||6„_;j_,_]^ 

'-J 



for 1 < k < n — I are independent, we may consider two double arrays {^^, i > l,k > 1), {Cj,j > 



l,k > 1) of independent random variables (and independent together), such that 

a) for every j > 1 and A; > 1, ^,^ = 7(1/2), 

b) for every j > 1 and A; > 1, ("^ = ||&i |p. 

The common probability space on which are defined all the variables ^^ and Cj is denoted by 
Q. From now on we work exclusively on fi. 

Let us set 

Sp' = x^d, k>i, p>i. 

m=l 

Now, the processes (5'^)j>i for A; = 1, • • • are independent copies of (5'j^)j>i, and for each n > 1, 
we have the following distributional representation : 

{fc+if, l<fc<n-l}^=^|ic^, l<k<n-l\. (2.18) 



For n > 2, set 



Rt' 



qk 



( qk qk + l rk 

^■J^J^ -^ if 1< A; < n - 1 

-yk-\-l Qk 



'-'fc+l'-'n U (2.19) 

1 if A; > n 



we have now, (see (|1.12p and H1.13() ^ 

^(n) (£) ^(n) (2.20) 

The processes A""' ,n > 2 are not defined on a unique probability space, since the ambient spaces 
are not nested. On the contrary, the sequence i?'"' , n > 2 is defined on the unique probability space 
Q. For each A: > 1, the strong law of large numbers yields 

cfc+l 1 qk 1 

n n 2 ' n n 2 ' 
Besides, Lemma 12.41 with the help of Borel-Cantelli's lemma yields 

^k 



/■k+1 



a.s. ^ 
' 1, 



SO that if we set 

qk 

-ffc- 
'fe+1 

we get for any A; > 1 

Rl -^^ TZk. 

n 
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^^^=^' (2-21) 



Notice that TZ is defined in H1.14() . Hence, letting TZk be -^ here is a sHght abuse of notation but 

this is consistent in terms of distribution and ahows to avoid a new symbols. From now on (TZk) is 
then a random variable on 0,. Setting, for any g > 0, 



l^-lr^ llilli A 

g+l<k<n-l 

we get 



M^ = min Rr' and M^ = min TZk , (2.22) 

g+l<k<n-l ^ k>g+l 



Mi ^^ M^, (2.23) 

and want to prove a convergence (in probability) of M^ to A4^. Since the convergence of the 
coordinates of R^'^' to those of (TZk) is not sufficient to this aim, we need a uniform control. 
Set 

MS:= inf rP, 

k>9+l 

SO that MK = MKa 1. This yields < M^ - M^ = (M^ - 1)+ < {R^_-^ - 1)+. Since R^^}^ ^^^ 1 
(by Theorem 12.2(1 . we get 

M3 - MS ^^^^ 0, (2.24) 

n 

and so, M^ and Mfi have the same limit behavior. 

To prove Theorem 11.81 we first assume that the following lemma which is a strong form of 
Prop osition 1 1 . 71 holds true 

Lemma 2.8 For any p > 2, {R^ — TZk) converge a.s. (in Q.) to in £p, i.e. 



^|i^J^"^-7^fc|P^^0. (2.25) 



fc=i 



Proof of Theorem 11.81 

(i) From (|2.25|) and Lemma 0771 the sequence {R^ ~ ^)k>i converges a.s. in £p to {TZk — l)fc>i- 
Let K he a fixed integer. Since the mapping {ck)k>i £ ^p ' — > ^^ik>K Ck is continuous, one has 

Mf ^^ M^. (2.26) 

n 

Thanks to (ITM . we obtain M^ ^^^ M^ and then, by (IT^ 7W^ ^^ A^^. 

n n 

(a) Let e > and e' > be fixed. Since {TZk — l)fc>i S ^p, there exists K such that 

F(7W^ < 1 - e/2) < e'. 
For n large enough, one then has, by (|2.26() and (|2.24l) . 

F(Mf < 1 - e) < 2e'. 
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Since the function k i-^ M„ is non-decreasing, one has, for n large enough such that g{n) > K, 

P(M^(") < 1 - e) < 2e'. 

{iii) Take k = for the sake of simphcity. For a G R , let argmina = {i : infj>i qj = aj} and as 
usual set min0 = oo. Denote by /^ = minargminji?^, j > 1}, the natural version of T^ on il : 

/° ^1^ T° (2.27) 

We know that a.s. Ai^ < 1 so that for n large enough, we have M^ < 1, hence argmini?" = 
argmini?". Now, from Proposition \2.8( ii). a.s linii?" = 7^ in ip. Now, the convergence of y„ to 
y in Ip implies the convergence of minargmin(y„) to argmin(y) if 7^ argmin(y) = 1. Hence, a.s. 

lim/0 = jO. Thanks to ISTTTli . we deduce J° -^ J°. D 



Proof of Lemma 12. 8L 

Set Vn := Ek 1 4"^ - 7^fc|P = K + K' where 



K:= E l4" -^fcrandy::=E|l-^^l 



According to Lemma 0771 F^' 



l<fc<n-l 
a.s 



k>n 



n 



0. Then, it is enough to prove that V^ 



0. Since 



R 



(n) 



TZk 



ok+l /-k 



'-^n 1,71 

and since supfc>i TZk is a.s. finite, it is enough to prove that 



n-l 

E 

fc=i 



ofc+l aA 



Ck A, 



fc+1 



1 



0. 



(2.28) 



Let 5 > 0. By the union bound and the identity of distributions, we have 



f'n—l 



p E 



\k=l 



ok+l a/c 



ok /-fc+1 



>()' 



n-l 

< E^ 

fc=i 

= (n - DIP 



cfc+l a/c 



ok Afc+1 
•-^n Sri 

c.(2) .1 

^n ^n _ -1 

o(l) C^ 



> 



> 



n 



n 



i/p 



51/P 



Splitting this event, we get easily for e = ■^^75' 



P 



0(2) Afc 

^n '^n 



si^^ c^^ 



1 



>e <P 



S^, 



(2) 



a(l) 



1 



> e/3 + P 






1 



>e/2 



With the notation of the preliminaries, the first probability is P(|7?.^ — 1| > e/3). By a simple 
calculation using (|2.12|) . (|2.1H) and lemma ITU we can find ci and C2 > such that for every n 



r E 



Kk=\ 



Cfc+1 Afe 



Ck Afc+1 



1 



> 5 < cinexp ( —C2n p 



For p > 2, we get a convergent series, so ()2.28() holds true, which ends the proof of ii). 



D 
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3 Appendix 

3.1 LLL((^)-reduced basis versus Siegel(s)-reduced basis 

As mentioned in Section 11.31 the definition 11.31 is slightly different from the original definition of 
an LLL reduced basis as defined in ^^. Here we make precise this difference and show that our 
main result (Theorem 11.41) is still true with the original definition. 

Let (6) := bi , h^ , ■ ■ ■ , bp (for p < n) he a linearly independent system of p vectors of M" and 
recall the definition of the matrix R given in Section 11.11 

Definition 3.1 Let < 5 < 1 be a real parameter. The basis (b) is called truly-LLL(5) reduced if 
it is proper ()1.7|) and if 

ViG{l...,n-l}, \\bi+if + Rl^^\\b,f>6^\\bif. (3.29) 

From the above definition and the definition of a LLL(s)-reduced basis H1.3() . and since Rfj^i j < 1/4 
(thanks to the properness) one deduces immediately: 

Fact 3.2 (i) If a basis is LLL(s) reduced and proper then it is truly-LLL(s) reduced. 



(ii) If a basis is truly-LLL(5) reduced then it is LLL (^5"^ — 1/4) reduced. 

3.2 How to make a basis proper while preserving its LLL reduceness 

Here is a simple enunciation of the LLL (5) algorithm: 
The Make proper algorithm: 

Input: A basis b = (bi, . . . , bp) of a lattice L. 

Output: A proper basis b of the lattice L. 

Initialization: Compute the orthogonalized system b and the matrix R. 

For i from 2 to n do 

For j from (i-1) downto 1 do 

bj := bj — [Rj^i]hj ([x] is the integer nearest to x). 

Clearly the Gram-Schmidt basis associated with the input basis is preserved under the integer 
translations of the above algorithm. So the Gram Schmidt orthogonalized basis associated with 
the output basis is the same as the one associated with the input basis and the Make-proper 
algorithm preserves LLL(s)-reduceness and truly-LLL(s)-reduceness. 

3.3 A brief description of the LLL algorithm 

In this subsection, we provide a simple enunciation of the LLL((^) algorithm. Clearly if the input 
basis is LLL(s)-reduced and proper then it is also truly LLL(s)-reduced. So in this case the following 
algorithm will stop after one iteration of the ■while loop (which makes the basis proper). 
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The LLL((5)-reduction algorithm: 

Input: A basis b = (bi, . . . , b„) of a lattice L. 

Output: A LLL(5)-reduced basis b (or a truly LLL(s)-reduced basis) of the lattice L. 

Initialization: Compute the orthogonalized system b and the matrix R. 

i:=l; 

While i < n do 

bj+i := bj+i — [i?j^j+i]bj ([x] is the integer nearest to x). 

Test: ||6i+i|| > s\\bi\\ ? (or ||6i+if + i??,i+i||6if > 6\\bi\\^ ?) 

If true, make (bi, . . . , bj+i) proper by Make-proper; set i := i + 1; 
If false, swap bj and bj+i; update b and R; li i ^ 1 then set i := i — 1; 

3.4 The Beta— Gamma algebra 

We recall some properties of the Gamma and Beta distribution, used all along the lines of the 
paper. They can be found in '4 pp. 93-94. For a > 0, the gamma distribution of parameter a is 

Jaidx) = I[o,oo)(a;) dx, 

T{a) 

and its mean is a. 

For (a, b) £ M'^*, the beta distribution of parameters (a, b) denoted by fia,b is 

PaAdx) = ^|^)^^""'(1 - ^)'"' l(0,i)(^) dx. 

In the following, 7(a) denotes a variable with distribution 7^, and P{a,b) denotes a variable 
with distribution Pa,b- The first relation is 

(7(a), 7(6)) ^i (/?(a,6)7(a + 6),(l-/?(a,6))7(a + 6)), (3.1) 

where, on the left hand side the random variables 7(a) and 7(6) are independent and on the right 
hand side the random variables P{a,b) and 7(0 + 6) are independent. It entails 

7(a)+7(&)=7(a + b), (3.2) 

"^"^ '^- Pia,b), (3.3) 



7(a) +7(6) 

and 

7(a) (d) p{a, b) 



7(6) l-/?(a,6)' 

which gives 



(3.4) 



p(7(a)/7(6) G dx) = r|°)r(fe) (1 + xY+^ ^["'-^[^"^^ ^^ • ^^-^^ 
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The second relation is 



I3{a,b)p{c,a-c) = p{c,a + b-c), (3.6) 



where on the left hand side the random variables are independent. 
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